authorOleg <markelog@gmail.com>2013-10-30 16:20:38 +0400
committerOleg <markelog@gmail.com>2013-11-07 20:16:19 +0100
commitee0d0e6e3f3773d15d3b9c3d654a05cbb914d7ab (patch)
tree1ad4232dc5153cb117050ad608982e3d60b58b29 /test/data
parentc66a5e70f2745048b30b7e7e8801d70ce9c640c7 (diff)
Add more thorough check for CSP violations
Diffstat (limited to 'test/data')
-rw-r--r--test/data/support/csp-clean.php3
-rw-r--r--test/data/support/csp-log.php3
-rwxr-xr-xtest/data/support/csp.log0
-rw-r--r--test/data/support/csp.php11
4 files changed, 9 insertions, 8 deletions
diff --git a/test/data/support/csp-clean.php b/test/data/support/csp-clean.php
new file mode 100644
index 000000000..e16d047a3
--- /dev/null
+++ b/test/data/support/csp-clean.php
@@ -0,0 +1,3 @@
+<?php
+ file_put_contents("csp.log", "", LOCK_EX);
+?>
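Review bot: The result of `file_put_contents` is discarded and `"csp.log"` is resolved against the current working directory, so a reset that fails or lands in another directory goes unnoticed and a stale `error` marker from an earlier run would survive. The same pattern is in csp-log.php in the next hunk, where it matters more: a failed write there drops the violation, and an empty log then reads as a clean pass. Anchoring the path and surfacing the failure in both files would close that gap, e.g. `if (file_put_contents(__DIR__ . "/csp.log", "", LOCK_EX) === false) { http_response_code(500); }`. The closing `?>` can also be dropped in a PHP-only file.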
diff --git a/test/data/support/csp-log.php b/test/data/support/csp-log.php
new file mode 100644
index 000000000..efbb9d7bc
--- /dev/null
+++ b/test/data/support/csp-log.php
@@ -0,0 +1,3 @@
+<?php
+ file_put_contents("csp.log", "error", LOCK_EX);
+?>
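Review bot: This endpoint has no comment saying that it is the `report-uri` target named in csp.php, or that it deliberately ignores the report body and writes only a fixed marker. That is worth stating, because the fixed marker is what keeps request-controlled data out of a file in a web-served directory, and a later change to log the report JSON would lose that property. I would add `# CSP report-uri target: records a fixed marker only, never the request body`. The script also treats any request as a violation (no method or Content-Type check), which is fine for a test fixture but belongs in the same comment.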
diff --git a/test/data/support/csp.log b/test/data/support/csp.log
new file mode 100755
index 000000000..e69de29bb
--- /dev/null
+++ b/test/data/support/csp.log
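Review bot: csp.log is added with mode 100755, but it is a data file that the PHP scripts write to, so the executable bit is not needed and is better left off for a file in a web-served directory. What the scripts need is write permission for the web-server user, which the git mode does not guarantee. Mode `100644` plus a setup note about writability would be clearer.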
diff --git a/test/data/support/csp.php b/test/data/support/csp.php
index b21ce0f74..d01def783 100644
--- a/test/data/support/csp.php
+++ b/test/data/support/csp.php
@@ -1,12 +1,7 @@
<?php
- # Support: Firefox
- header("X-Content-Security-Policy: default-src 'self';");
-
- # Support: Webkit, Safari 5
- # http://stackoverflow.com/questions/13663302/why-does-my-content-security-policy-work-everywhere-but-safari
- header("X-WebKit-CSP: script-src " . $_SERVER["HTTP_HOST"] . " 'self'");
-
- header("Content-Security-Policy: default-src 'self'");
+ # This test page checkes CSP only for browsers with "Content-Security-Policy" header support
+ # i.e. no old WebKit or old Firefox
+ header("Content-Security-Policy: default-src 'self'; report-uri csp-log.php");
?>
<!DOCTYPE html>
<html>
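Review bot: The comment above the new `header()` call does not say how a violation is detected, and it has a typo (`checkes`). Something like `# Violations are reported to csp-log.php, which marks csp.log; csp-clean.php resets it` would tie the three files together. Browsers send violation reports asynchronously, so whatever reads csp.log (outside this diff, which is limited to test/data) presumably has to wait for the report before treating an empty log as a pass; that is worth confirming. The page markup continues past the end of the hunk.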